6.3 Trusted Execution Environments (TEE)
While zero-knowledge proofs (ZK) are well suited to verifying simple assertions (such as "I am an adult"), they are prohibitively expensive to generate and extremely difficult to develop for commercial scenarios that carry high computational loads or require general-purpose logic processing.
OmniPact introduces Trusted Execution Environments (TEEs) as a complementary solution. We have built a decentralized network of TEE nodes (based on Intel SGX or AMD SEV) to provide hardware-level isolated execution regions (Enclaves) for the protocol.
6.3.1 Intel SGX Integration for "Compute-to-Data"
In traditional business data transactions, data must be sent to the buyer before it can be used, which leads to the risk of unlimited copying once the data is sold (the data breach paradox). OmniPact disrupts this model by adopting a Compute-to-Data architecture.
1. Architecture Principles
Encrypted Data at Rest: Data (such as medical records and financial transaction flows) is always stored in an encrypted state in IPFS or a private cloud.
Encrypted Compute in Motion: When a buyer purchases the "right to use" data, they do not download the raw data, but instead upload an algorithm script (such as a Python training script).
The Black Box (Enclave):
The OmniPact TEE node loads encrypted data and algorithm scripts.
Data is decrypted only within the CPU's encrypted memory region (Enclave).
The CPU performs the computational task (such as training a model). Even node operators with physical access to the machines cannot read plaintext data from memory.
The calculation results (such as trained model weights or statistical reports) are encrypted and sent to the buyer.
2. Commercial Value
This enables OmniPact to support a privacy-preserving data marketplace. Businesses can sell “insights” into their data without having to sell ownership of it.
6.3.2 Secure Enclaves for Sensitive IP Transfer
For high-value intellectual property (IP) transactions—such as AI model weights, quantitative trading algorithms, and undisclosed zero-day vulnerability code—an extreme trust deadlock exists between the buyer and seller:
Buyer: "How am I supposed to know it's real if you don't let me test the code?"
Seller: "What if I let you test the code, and you copied it without paying?"
OmniPact uses TEE to create an "opaque inspection room".
1. Remote Attestation - DCAP
Before a transaction begins, both the buyer and the seller verify the remote attestation report (Quote) of the TEE node.
This is a digital certificate signed with the Intel hardware root key.
This proves that the node is indeed running on real SGX hardware, and that the hash of the loaded code (OmniPact verifier) is completely consistent with the open-source code and has not been tampered with.
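The policy checks a buyer or seller still applies to a Quote once its signature chain has been validated, shown as an added example (not OmniPact code). It assumes the SGX ECDSA quote version 3 layout; the function names and the convention of binding the enclave's session public key into the report data as SHA-256(pubkey) are assumptions made for this example.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48         # quote header
REPORT_BODY_LEN = 384   # sgx_report_body_t that follows the header
OFF_ATTRIBUTES = 48     # offsets below are relative to the report body
OFF_MRENCLAVE = 64
OFF_REPORT_DATA = 320
SGX_FLAGS_DEBUG = 0x2   # debug enclaves can be inspected by the host


def expected_report_data(enclave_pubkey: bytes) -> bytes:
    # Assumed binding convention: SHA-256(pubkey), zero-padded to 64 bytes.
    return hashlib.sha256(enclave_pubkey).digest().ljust(64, b"\0")


def check_quote_policy(quote: bytes, expected_mrenclave: bytes,
                       enclave_pubkey: bytes) -> str:
    """Return "ok", or the reason the quote must be rejected."""
    if len(quote) < HEADER_LEN + REPORT_BODY_LEN:
        return "truncated quote"
    (version,) = struct.unpack_from("<H", quote, 0)
    if version != 3:
        return "unsupported quote version"
    body = quote[HEADER_LEN:HEADER_LEN + REPORT_BODY_LEN]
    (flags,) = struct.unpack_from("<Q", body, OFF_ATTRIBUTES)
    if flags & SGX_FLAGS_DEBUG:
        return "debug enclave"
    if not hmac.compare_digest(body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32],
                               expected_mrenclave):
        return "measurement mismatch"
    if not hmac.compare_digest(body[OFF_REPORT_DATA:OFF_REPORT_DATA + 64],
                               expected_report_data(enclave_pubkey)):
        return "session key not bound to quote"
    return "ok"


def build_sample_quote(mrenclave: bytes, pubkey: bytes, debug: bool = False) -> bytes:
    """Constructed input: header and report body only, no signature section."""
    header = struct.pack("<HH", 3, 2) + bytes(HEADER_LEN - 4)
    body = bytearray(REPORT_BODY_LEN)
    flags = 0x5 | (SGX_FLAGS_DEBUG if debug else 0)  # INIT | MODE64BIT
    struct.pack_into("<Q", body, OFF_ATTRIBUTES, flags)
    body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] = mrenclave
    body[OFF_REPORT_DATA:OFF_REPORT_DATA + 64] = expected_report_data(pubkey)
    return header + bytes(body)
```

The expected measurement would come from a reproducible build of the open-source verifier. Signature and certificate-chain validation of the Quote is left to a DCAP quote verification library and is not performed here.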
2. Key Exchange inside Enclave
Encrypted upload: The seller uploads the algorithm code to IPFS in encrypted form; the buyer uploads the test dataset in encrypted form.
Enclave execution: The TEE node pulls data from both sides. Inside the Enclave, the negotiated session key is used to decrypt the code and test data.
Run and verify: The code runs against the test data within the Enclave.
Output: The TEE node outputs a performance report (such as "Accuracy 98.5%" or "Backtesting Return 20%") to the buyer, rather than the code itself.
Funds settlement:
If the performance meets the requirements, the smart contract automatically releases the funds to the seller and (optionally) transfers the right to use the code to the buyer via Key Re-encryption.
If performance fails to meet requirements, the transaction is cancelled, and the code is never leaked to the buyer.
This mechanism perfectly solves the verification problem in digital asset transactions, making OmniPact the world's first platform to support "zero-trust intellectual property transactions".
In this way, OmniPact leverages hardware security technology to extend the capabilities of blockchain, enabling it to handle privacy-preserving transactions of the most critical assets of the AI era—data and algorithms.